Config Fun

No, no way you can completely fix IE6 to be compatible with W3C standards, but at least you can fix some (a lot) of them very easy instead of killing yourself all the time something goes wrong in IE6 while it works fine in FF and even IE7.

Today I had to do some tricky web-design related things and I was mostly checking the results in FF2 and IE7. When I opened the page in IE6, I found out a lot of problems, especially with absolute positioning and overflowing of DIV elements. Luckelly I found the IE7 JavaScript library which fixes the IE6 just by including 3 lines in your page (linking to this lib).

Check it yourself if you are having similar problems.

Today I came across a situation where my credential information was passed in the URL over HTTPS. The URL was like so:

https://www.server.com/login.php?username=USERNAME&password=PASSWORD

There, USERNAME and PASSWORD strings were my actual login information.

Although the transfer was done over the secure protocol, I was somewhat uncomfortable with these data visible to me and possibly to somebody else. I quick search on Google returned this Google Answers question.

It turns out that the query part of the URL is encrypted. Only hostname and port to which the connection is made are visible. However, passing credentials in the URL itself is considered to be a bad practice due to a number of other reasons. For example, this information might be logged and kept in plain text files on the server or it can be available to browser plugins and other applications on the client.

I am running a small Intranet based on LAMP and had to configure some more comfortable way of authentication against MS Active Directory. First thing that came to my mind was a mixture of NTLM (for Internet Explorer users) and Basic (for Firefox which does not support NTLM as far as I know) authentication mechanism, but after playing around I understood that NTLM doesn’t work over SSL and had to add a PAM based authentication which also tied to Active Directory. Here is how things are done:

NTLM Authentication

This authentication is done via Apache2-AuthenNTLM perl module which you can download and install with cpan command as follows: cpan -i Apach2::AuthenNTLM. After the installation, open up apache configuration and add the following for the location needed:

PerlAuthenHandler Apache2::AuthenNTLM
PerlAddVar ntdomain "ad_domain_name pdc_host bdc_host"
PerlSetVar splitdomainprefix 1
PerlSetVar ntlmdebug 0
PerlSetVar ntlmauthoritative on
PerlSetVar defaultdomain ad_domain_name
AuthType ntlm,basic
AuthName "Private Area"
require valid-user

Please replace ad_domain_name with the name of your active directory domain name and put correct values for pdc_host and bdc_host. Restart apache and check it out. Please note that I had some problems with the above when used for HTTPS, so my way out was to use this for the internal only virtual host where SSL was not that important.

For the external access, I had to use PAM and SSL as follows.

PAM Auth

Download the PAM module for apache. I used YUM on my fedora server and installed the module with the next command: yum install mod_auth_pam. Then adjust your apache configuration to load the pam module by adding the next lines to apache config file:

LoadModule auth_pam_module modules/mod_auth_pam.so
LoadModule auth_sys_group_module modules/mod_auth_sys_group.so
Note that when installing from RPMs, an auth_pam.conf file may be created in the /etc/httpd/conf.d directory automatically - check with your distro.

Then I had to add the following to my SSL virtual host:

AuthName "Private Area"
require valid-user
AuthPAM_Enabled on
AuthType Basic

And finally I had to adjust the /etc/pam.d/httpd file as follows:

auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_unix.so use_first_pass shadow nullok
account sufficient /lib/security/pam_winbind.so
account required pam_nologin.so
account include system-auth

Restart apache and done. Please note that for PAM to work correctly with Active Directory, you have to have samba and winbind configured and working as an Active Directory member

I am using Firefox a lot and though it is a great browser, some functionality is missing by default and have to be added with extensions. There is a huge amount of different stuff available at firefox addons web site, but among most favorite ones that I use are:

Tabs:

• FaviconizeTab - this cool extension allows to remove the page title from the name of the tab, leaving only favicon image displayed. Very nice when you need to keep some web-sites always opened and you are running out of space in the tab bar.
• Tab Mix Plus - a lot of configurations regarding tabs appearance and behavior, plus session manager (a bit better than built-in one).

Google:

• GUtil - adds a button in the toolbar with a drop down menu, containing quick links to most of the Google services and different kinds of searches
• GMarks - integrates Google Bookmarks into Firefox. I am not using any other bookmark services for the complexity reasons. Google Bookmarks are very simple and easy.

Developer Tools:

• Page validator - adds context menu option to validate the page agains W3C standards. Displays results in new tab.
• CSS validator - adds context menu option to validate the CSS of the page agains W3C standards. Displays results in new tab.
• FireFTP - a built in FTP client for Firefox. Has some nice features like accounts manager and security options. Missing sFTP support though.
• IE VIew Lite - allows to open current page in Internet Explorer. Works even on Linux if you have IE installed under wine. The beauty is that you specify the path to IE.

Other:

• Download Statusbar - I am using this extension for a long time now and what I like in it is that it saves a lot of space by avoiding of popping up the download manager window and in addition shows all current downloads information in a compact but very informative way.
• Signature - allows to create a number of predefined signatures and insert them in any text field by using right-click context menu. I use it with my Gmail account where I have more than one email and need different signatures, while Gmail does not allow to have multiple signatures by itself.

Please note that these extensions are used by me in Firefox 2.0 so some of them might not work in Firefox 1.5 (though should work).

If you have any other interesting extensions that you use, please let us know in the comments.

I recently came across small IE6 problem with Google Reader. Google Reader worked very slow and sometime caused IE6 to become unresponsive. As I discovered IE6 had custom settings under Advanced tab and custom settings for Internet Security Zone. Restoring Defaults solved the problem.

Interesting point was that it was fresh Windows XP SP2 installation and a user did not have a chance to change any settings.